kernel panic under virtual machine
Issue
Stop auditprint and the kernel panics.
~/go/src/github.com/mozilla/libaudit-go# $GOPATH/bin/auditprint testdata/rules.json
kernel logs
[ 173.399485] audit: netlink_unicast sending to audit_pid=5074 returned error: -111
[ 173.401834] Kernel panic - not syncing: audit: audit_pid=5074 reset
[ 173.401834]
[ 173.403537] CPU: 2 PID: 936 Comm: kauditd Not tainted 4.4.0-75-generic #96~14.04.1-Ubuntu
[ 173.405335] Hardware name: OpenStack Foundation OpenStack Nova, BIOS Ubuntu-1.8.2-1ubuntu1~cloud0 04/01/2014
[ 173.405789] 0000000000000000 ffff880234c17d68 ffffffff813dce3c ffffffff81ccf361
[ 173.405789] ffff8800babaf0e4 ffff880234c17de0 ffffffff81182e9c 0000000000000010
[ 173.405789] ffff880234c17df0 ffff880234c17d90 ffff880234c17da0 ffff880234c17e28
[ 173.405789] Call Trace:
[ 173.405789] [] dump_stack+0x63/0x87
[ 173.405789] [ ] panic+0xc8/0x20f
[ 173.405789] [ ] audit_panic+0x5e/0x60
[ 173.405789] [ ] audit_log_lost+0x3f/0xc0
[ 173.405789] [ ] kauditd_send_skb+0x122/0x150
[ 173.405789] [ ] ? audit_printk_skb+0x70/0x70
[ 173.405789] [ ] kauditd_thread+0x78/0x190
[ 173.405789] [ ] ? prepare_to_wait_event+0xf0/0xf0
[ 173.405789] [ ] kthread+0xc9/0xe0
[ 173.405789] [ ] ? kthread_park+0x60/0x60
[ 173.405789] [ ] ret_from_fork+0x3f/0x70
[ 173.405789] [ ] ? kthread_park+0x60/0x60
[ 173.405789] Kernel Offset: disabled
[ 173.405789] ---[ end Kernel panic - not syncing: audit: audit_pid=5074 reset
Env
go version: go version go1.7 linux/amd64
OS
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=14.04
DISTRIB_CODENAME=trusty
DISTRIB_DESCRIPTION="Ubuntu 14.04.5 LTS"
dpkg -l | grep audit
ii auditd 1:2.3.2-2ubuntu1 amd64 User space tools for security auditing
ii libaudit-common 1:2.3.2-2ubuntu1 all Dynamic library for security auditing - common files
ii libaudit1:amd64 1:2.3.2-2ubuntu1 amd64 Dynamic library for security auditing
ii libauparse0:amd64 1:2.3.2-2ubuntu1 amd64 Dynamic library for parsing security auditing
In audit.h:
struct audit_status {
	__u32 mask;    /* Bit mask for valid entries */
	__u32 enabled; /* 1 = enabled, 0 = disabled */
	__u32 failure; /* Failure-to-log action */
...
/* Failure-to-log actions */
#define AUDIT_FAIL_SILENT 0
#define AUDIT_FAIL_PRINTK 1
#define AUDIT_FAIL_PANIC 2
You can configure the failure mode to AUDIT_FAIL_SILENT.
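
An added example, not code from libaudit-go or from this thread: the failure mode quoted above is changed with an AUDIT_SET netlink message whose audit_status.mask marks only the failure field as valid, and the Go code below builds that message. The function name buildSetFailure, the 40-byte audit_status size (ten __u32 fields, assumed for the 4.4 kernel in the report) and the little-endian encoding (amd64) are assumptions.

```go
package main

import (
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// Values from the kernel's include/uapi/linux/audit.h and netlink.h.
const (
	auditSet           = 1001   // AUDIT_SET message type
	auditStatusFailure = 0x0002 // AUDIT_STATUS_FAILURE: "failure" field is valid
	nlmFRequest        = 0x1    // NLM_F_REQUEST
	nlmFAck            = 0x4    // NLM_F_ACK
	AuditFailSilent    = 0
	AuditFailPrintk    = 1
	AuditFailPanic     = 2
)

// buildSetFailure (hypothetical helper) returns the netlink message that asks
// the kernel to change only the failure-to-log action. Assumed layout: 16-byte
// nlmsghdr followed by a 40-byte audit_status, little-endian because netlink
// uses host byte order and the report is from amd64.
func buildSetFailure(mode, seq uint32) ([]byte, error) {
	if mode > AuditFailPanic {
		return nil, fmt.Errorf("invalid failure mode %d", mode)
	}
	const hdrLen, statusLen = 16, 40
	msg := make([]byte, hdrLen+statusLen)
	le := binary.LittleEndian
	le.PutUint32(msg[0:], hdrLen+statusLen)    // nlmsg_len
	le.PutUint16(msg[4:], auditSet)            // nlmsg_type
	le.PutUint16(msg[6:], nlmFRequest|nlmFAck) // nlmsg_flags
	le.PutUint32(msg[8:], seq)                 // nlmsg_seq
	// nlmsg_pid (bytes 12..15) stays 0.
	le.PutUint32(msg[16:], auditStatusFailure) // audit_status.mask
	// audit_status.enabled (bytes 20..23) stays 0; its mask bit is clear.
	le.PutUint32(msg[24:], mode) // audit_status.failure
	return msg, nil
}

func main() {
	// AUDIT_FAIL_PRINTK: lost events are reported in the kernel log, no panic.
	msg, err := buildSetFailure(AuditFailPrintk, 1)
	if err != nil {
		panic(err)
	}
	fmt.Print(hex.Dump(msg))
}
```

Sending the message requires a NETLINK_AUDIT socket and CAP_AUDIT_CONTROL.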